ModSecurity#
The module adds a connector for using ModSecurity rules. To install the module, use one of the following packages: Angie: Angie PRO: To work with the module, you need to load it in the Specify the Copy the OWASP Core Rule Set for ModSecurity (CRS)
to the Tip Check the latest release number here:
coreruleset/coreruleset In the directory with the core rules,
copy the minimally required ModSecurity configuration examples: Uncomment the Detailed documentation and source code are available at:
owasp-modsecurity/ModSecurity.Installation#
angie-module-modsecurityangie-pro-module-modsecurityLoading the Module#
main{} context:load_module modules/ngx_http_modsecurity_module.so;
Configuration Example#
modsecurity and modsecurity_rules_file directives
in the appropriate context, for example server:server {
modsecurity on;
modsecurity_rules_file /etc/angie/modsecurity/rules.conf;
# ...
}
/var/lib/angie/modsecurity/ directory:$ cd /var/lib/angie/modsecurity/
$ sudo git clone -b v4.1.0 https://github.com/coreruleset/coreruleset
$ sudo cp coreruleset/crs-setup.conf.example coreruleset/crs-setup.conf
$ sudo cp coreruleset/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example \
coreruleset/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
$ sudo cp coreruleset/rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf.example \
coreruleset/rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf
Include directives below
in the /etc/angie/modsecurity/rules.conf file:Include /var/lib/angie/modsecurity/coreruleset/crs-setup.conf
Include /var/lib/angie/modsecurity/coreruleset/rules/*.conf
Additional Information#
Content